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DETAILED ACTION 

Response to Arguments 
1. Applicants arguments filed October 4, 2004 have been fully considered but they 
are not persuasive. 

It is argued by the applicant that Gilbrech does not teach a server as being a 
second component, but instead the second component is a router as per the teachings of 
Gilbrech. The examiner respectfully disagrees. Based upon the applicant's disclosure, 
the server component allows the client to connect over two or more networks, provides 
for temporary connections such as a virtual connection path, and additionally, the server 
component supports use of user accounts and passwords and is responsible for 
authentication for access to the private network as is recited on page 5, lines 5-7, 9-11, 
and lines 17-20. As per the teachings of Gilbrech, the term "server" is not disclosed, 
however the functionality of the virtual private network unit, or VPN Units, performs the 
same functions of a "server component" as indicated in the applicant's specification as 
recited above. Figure 2 demonstrates a client the ability to connect over two or more 
LANS (private networks) across the public network. Gilbrech discloses that a virtual 
private network is used, and VPNs are known to exist as temporary connections, see 
column 2, lines 45-50. Gilbrech additionally discloses that the VPN Units are 
responsible for the enforcement of rules and authentication practices as are applied to the 
group members, see column 2, lines 58-64. 

The applicant has argued that "a connection lasting as long as a mechanism at 
each of the components supporting a connection remains active" is not taught by 
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Gilbrech. The examiner respectfully disagrees. The applicant has recited in the 
specification virtual path connections are temporary connections as is recited on page 5, 
lines 9-1 1 which is consistent with virtual private networks only maintaining the 
connection as long as the tunnel is established between two endpoints. Termination can 
occur when the devices terminate the connection or keys can expire causing the 
connection to terminate. 

The applicant has indicated that the examiner's interpretation is inconsistent for 
independent claims 1 and 10 versus independent claim 19. The examiner has 
reconstructed the rejection so that they are now similarly applied. 
2. The applicant has complied with overcoming the examiner's objection to the 
specification and the objection is hereby withdrawn. 



Claim Rejections - 35 USC §102 

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent granted 
on an application for patent by another filed in the United States before the invention by the applicant 
for patent, except that an international application filed under the treaty defined in section 35 1(a) shall 
have the effects for purposes of this subsection of an application filed in the United States only if the 
international application designated the United States and was published under Article 21(2) of such 
treaty in the English language. 

4. Claims 1-3,5-12,14-26, and 28 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Gilbrech et al. 

As per claim 1, it is disclosed by Gilbrech et al of a method comprising sending a 



packet originating from a source (device) across the Internet (public network) to a 
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receiving VPN Unit (second/server component) to establish a connection between the 
source (device) and a LAN (private network)(col 6, lines 38-41; col. 8, lines 29-55; and 
as shown in Figures 2 & 5). The router (first component) is configured to connect to the 
VPN Unit (second/server component) prior to connecting to the enterprise (private) 
network (col. 2, lines 45-53, col. 6, lines 33-37, and as shown in Figure 2). It is 
determined if the communications from the device conform to authentication 
(authorization) rules to connect with the LAN (private network)(col. 2, lines 57-67). The 
request initiates from a router (first component) and is forwarded to a VPN Unit 
(second/server component) to establish the connection with the destination (col. 2, lines 
43-53,57-67 & col. 8, lines 17-26). The router (first component) creates and establishes 
the connection between the LAN (private network) and source (device) via the VPN Unit 
(second/server component)(col. 9, line 55 through col. 10, line 10 & as shown in Figures 
2 & 5). The examiner notes that routers are known as devices that receive transmitted 
messages and forward them to their correct destination, namely the LAN (private 
network) in light of the teachings of Gilbrech et al (as shown in Figures 2 & 5). The 
router (first component) is configured to connect to the VPN Unit (second/server 
component) prior to connecting to the enterprise (private) network (col. 2, lines 45-53, 
col. 6, lines 33-37, and as shown in Figure 2). 

As per claims 2 and 1 1 , Gilbrech et al discloses of forwarding a request initiated 
by a router (first component) and is forwarded to a VPN Unit (second/server component) 
to establish the connection with the destination (col. 2, lines 43-53,57-67 & col. 8, lines 
17-26). The examiner is interpreting the connection between the source (device), VPN 
Unit (second device), router (first network component), and device(s) on the LAN 
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(private network) to remain active as long as the devices maintain communications with 
one another and that the connection is temporary until terminated. 

As per claims 3 and 12, Gilbrech et al discloses of determining if the 
communications from the device conform with authentication rules to connect with the 
LAN and if so forwarding a request initiated by a router (first component) and is 
forwarded to a VPN Unit (second/server component) to establish the connection with the 
destination (col. 2, lines 43-53,57-67 & col. 8, lines 17-26). If the request is not from a 
recognized member of the VPN group, the packets are discarded (denying the device 
access)(col. 2, lines 57-67 & col. 8, lines 12-27). 

As per claims 5,6,14,15,25, and 26, it is disclosed by Gilbrech et al of a method 
comprising sending a packet originating from a source (device) across the Internet (public 
network) to a receiving VPN Unit (second/server component) to establish a connection 
between the source (device) and a LAN (private network)(col. 6, lines 38-41; col. 8, lines 
29-55; and as shown in Figures 2 & 5). The router (first component) is configured to 
connect to the VPN Unit (second/server component) prior to connecting to the enterprise 
(private) network (col. 2, lines 45-53, col 6, lines 33-37, and as shown in Figure 2). It is 
determined if the communications from the device conform to authentication 
(authorization) rules to connect with the LAN (private network)(col. 2, lines 57-67). The 
request initiates from a router (first component) and is forwarded to a VPN Unit 
(second/server component) to establish the connection with the destination (col. 2, lines 
43-53,57-67 & col. 8, lines 17-26). The router (first component) creates and establishes 
the connection between the LAN (private network) and source (device) via the VPN Unit 
(second/server component) (col. 9, line 55 through col. 10, line 10 & as shown in Figures 
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2 & 5). The examiner is interpreting the connection between the source (device), VPN 
Unit (first network component), and router (second network component) to remain active 
as long as the devices maintain communications with one another unless if that 
connection is terminated by any or all of the devices. 

As per claims 7 and 16, Gilbrech et al discloses of determining if the 
communications from the device conform to authentication (authorization) rules to 
connect with the LAN (private network)(col 2, lines 57-67). The request initiates from a 
router (first component) and is forwarded to a VPN Unit (second/server component) to 
establish the connection with the destination (col. 2, lines 43-53,57-67 & col. 8, lines 17- 
26). The examiner is interpreting the authentication rules to include a password since 
passwords are generally used for authentication. 

As per claims 8, 17, and 23, it is recited by the teachings of Gilbrech et al that the 
public network includes the Internet (col. 2, lines 43-46). 

As per claims 9 and 18, Gilbrech et al teaches of determining if the 
communications from the device conform to authentication (authorization) rules to 
connect with the LAN (private network)(col. 2, lines 57-67). The request initiates from a 
router (first component) and is forwarded to a VPN Unit (second/server component) to 
establish the connection with the destination (col. 2, lines 43-53,57-67 & col. 8, lines 17- 
26). It is interpreted by the examiner that the VPN Unit (second/server component) and 
router (first network component) are proxy servers since it is disclosed in the applicant's 
specification "Proxy servers can monitor and intercept any and all requests being sent to 
and/or received from the private network and/or the Internet. The proxying components 
can also provide client-to-private-network encryption" as is recited on page 7, lines 13- 
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17. Gilbrech discloses of performing encryption services on the packets and shows how 

both the VPN Unit (second/server network component) and router (first network 

component) intercept communications since that is the only path into the LAN (private 

network)(col. 8, lines 19-26 & as shown in Figure 2). 

As per claim 10, it is disclosed by Gilbrech et al of a techniques (machine 

readable instructions stored on an article) for sending a packet originating from a source 

(device) across the Internet (public network) to a receiving VPN Unit (second/server 

component) to establish a connection between the source (device) and a LAN (private 

network)(col. 6, lines 38-41; col. 8, lines 29-55; and as shown in Figures 2 & 5). The 

router (first component) is configured to connect to the VPN Unit (second/server 
* 

component) prior to connecting to the enterprise (private) network (col. 2, lines 45-53, 
col. 6, lines 33-37, and as shown in Figure 2). It is determined if the communications 
from the device conform to authentication (authorization) rules to connect with the LAN 
(private network)(col. 2, lines 57-67). The request initiates from a router (first 
component) and is forwarded to a VPN Unit (second/server component) to establish the 
connection with the destination (col. 2, lines 43-53,57-67 & col. 8, lines 17-26). The 
router (first component) creates and establishes the connection between the LAN (private 
network) and source (device) via the VPN Unit (second/server component)(col. 9, line 55 
through col. 10, line 10 & as shown in Figures 2 & 5). The examiner notes that routers 
are known as devices that receive transmitted messages and forward them to their correct 
destination, namely the LAN (private network) in light of the teachings of Gilbrech et al 
(as shown in Figures 2 & 5). The router (first component) is configured to connect to the 
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VPN Unit (second/server component) prior to connecting to the enterprise (private) 
network (col. 2, lines 45-53, col. 6, lines 33-37, and as shown in Figure 2). 

As per claim 19, it is disclosed by Gilbrech et al of a system for sending a packet 
originating from a source (device) across the Internet (public network) to a receiving 
VPN Unit (server component) to establish a connection between the source (device) and 
a LAN (private network)(col. 6, lines 38-41; col. 8, lines 29-55; and as shown in Figures 
2 & 5). The VPN Unit (server component) establishes the connection with the 
destination (col. 2, lines 57-67 & col. 8, lines 17-26). The request is then forwarded from 
the VPN Unit (server component) to the router (agent)(col. 8, lines 52-55 & as shown in 
Figures 2 & 5). The router (agent) creates and establishes the connection between the 
LAN (private network) and source (device) via the VPN Unit (server component) (col. 9, 
line 55 through col. 10, line 10 & as shown in Figures 2 & 5). The examiner notes that 
routers are known as devices that receive transmitted messages and forward them to their 
correct destination, namely the LAN (private network) in light of the teachings of 
Gilbrech et al (as shown in Figures 2 & 5). The router (agent component) is configured 
to connect to the VPN Unit (server component) prior to connecting to the enterprise 
(private) network (col. 2, lines 45-53, col. 6, lines 33-37, and as shown in Figure 2). 

As per claim 20, Gilbrech et al discloses of a router (agent) that creates and 
establishes the connection between the LAN (private network) and source (device) via 
the VPN Unit (server component)(col. 9, line 55 through col. 10, line 10 & as shown in 
Figures 2 & 5). The examiner notes that routers are known as devices that receive 
transmitted messages and forward them to their correct destination, namely the any 
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devices within the LAN (private network) as is taught by Gilbrech et al (as shown in 
Figures 2 & 5). 

As per claims 20 and 21, Gilbrech et al teaches of forwarding a request from the 
VPN Unit (server component) to the router (agent)(col. 8, lines 52-55 & as shown in 
Figures 2 & 5). The router (agent) creates and establishes the connection (by providing 
access) between the LAN (private network) and source (device) via the VPN Unit (server 
component)(col. 9, line 55 through col. 10, line 10 & as shown in Figures 2 & 5). Figure 
2 shows multiple devices connected to the LAN (private network). 

As per claim 22, it is disclosed by Gilbrech et al that communications are 
extensible to support any protocol used by the Internet (public network) and the LAN 
(private network)(col. 5, lines 57-61 & col. 6, lines 5-22). It is interpreted by the 
examiner that the VPN Unit (server component) and router (agent) handle the different 
protocols since they are connected across the Internet (public network) and LAN (private 
network)(as shown in Figures 2 & 5). 

As per claim 24, Gilbrech et al teaches of determining if the communications 
from the device conform to authentication rules to connect with the LAN and if so, the 
VPN Unit (server component) establishes the connection with the destination (col. 2, 
lines 57-67 & col. 8, lines 17-26). 

As per claims 27 and 29, Gilbrech et al teaches of determining if the 
communications from the device conform to authentication (authorization) rules to 
connect with the LAN and if so, the VPN Unit (server component) establishes the 
connection with the destination (col. 2, lines 57-67 & col. 8, lines 17-26). The request is 
then forwarded from the VPN Unit (server component) to the router (agent)(col. 8, lines 
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52-55 & as shown in Figures 2 & 5). It is interpreted by the examiner that the VPN Unit 
(server component) and router (agent) are proxy servers since it is disclosed in the 
applicant's specification "Proxy servers can monitor and intercept any and all requests 
being sent to and/or received from the private network and/or the Internet. The proxying 
components can also provide client-to-private-network encryption" as is recited on page 
7, lines 13-17. Gilbrech discloses of performing encryption services and authentication 
rules (security mechanisms) on the packets and shows how both the VPN Unit (server 
component) and router (agent) intercept communications since that is the only path into 
the LAN (private network) (col. 8, lines 19-26 & as shown in Figure 2). 

As per claim 28, it is shown in Figure 2 of Gilbrech et al the routers (agents) are 
implemented inside the LANs (private networks). 

Conclusion 

5. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Christopher A. Revak whose telephone number is 571- 
272-3794. The examiner can normally be reached on Monday-Friday, 6:30am-4:00pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 571-272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). 
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